Zero Trust Posture
Assumptions
- Every network boundary is hostile until proven otherwise.
- Documentation requires authenticated access even in staging environments.
- Developers operate from untrusted machines and must avoid storing secrets locally.
Controls (Planned & Active)
| Control | Status | Notes |
|---|---|---|
| Cloudflare Access for docs | Planned | Protects docs.example.com using SSO groups. |
| MFA on Git hosting | Active | Required for all contributors. |
| Principle of least privilege | Active | Access granted per-app or per-project. |
| Continuous logging | Planned | Pending selection of log aggregation tooling. |
Actions
- Finalise SSO provider and group mapping before Cloudflare deployment.
- Document Access policies once implemented and link from this page.
- Conduct quarterly Zero Trust reviews alongside platform retrospectives.